
Thread: Got hacked. Need advice/help/miracle?

  1. #1
    I like girls. Assault's Avatar
    Join Date
    May 2006
    Posts
    3,890

    Got hacked. Need advice/help/miracle?

    Firstly, no, it's not another of those "OMG I WOZ HEKKED!11 WADDAFOK!!1" threads. So please, no flaming, and no stupid comments.

    On the 31st August my Gmail was compromised and hacked into. I saw an IP from Norway accessing my Gmail, so I kicked them out and changed my password. Not sure how they got in, I assume it was a brute force attack on my password, since my passwords are always very secure, I did not have any keyloggers or a virus, and I do not download "dodgy" third party software (for "easier gameplay"). Now, my Gmail account was NOT directly linked to my Maple Story accounts... the e-mails associated with my MS accounts were on privately owned domains, not web based e-mail systems, but were forwarded to my Gmail account where I received e-mails from about 10 domains.

    I then noticed an e-mail in my trash folder on Gmail that was from Nexon, requesting a "forgotten" user ID. Of course at this point I suspected that the intruder had tried to access my two main MS accounts. The problem is, to do this on the website you need the e-mail address associated with the account, and the date of birth. Since my Gmail had been broken into, I assumed that they had found the e-mail addresses through old NX receipts (which I keep for my own records of course). This of course, does not explain the date of birth, since the dates used were fake, and only written down on pieces of paper at home. This means that the hacker used some sort of birthday cracker, or a web exploit to get past it.

    At this point, I began to secure my Gmail by changing the password again, and continued by trying to log into the Nexon site on both of my main accounts to change the passwords and request a PIN reset. I attempted to do so and was told that the password was incorrect. I tried to log into my accounts in-game and was told the same. I then attempted to request a password reset, but was told that I had exceeded the maximum number of requests for the day. I checked my Gmail again, and no e-mails had come through. I tested the e-mail address in question and it worked fine. I changed my Gmail password again just in case, and checked the IPs accessing the account. Hacker had not got back on at this moment.

    I then proceeded to log into my host's control panel pages to try to redirect the e-mails. While doing so I noticed the hacker back in my Gmail account, at which point I got kicked out of Gmail, and couldn't log back in since they had changed my password and removed my phone number and secondary e-mail for password resets. It took me about 10 minutes to gain control of my Gmail account again, at which point a password reset had miraculously been sent for both of my main accounts, and a PIN reset attained.

    I then logged onto MS and saw my mushroom disappear from the FM. At this point I turned my attention to securing my Gmail and domains. It took me about 40 minutes to download and remove all of my e-mails from Gmail, change all of my passwords, and redirect all my domains to a different secure e-mail account. By this time though, the hacker had removed most of my items and logged off.

    I was whispered by the IGN "umpowns" during this, telling me that they were finding it hard to get into my account, and that they were now trying to get back into my Gmail, although I didn't see this until afterwards. They seemed to know a few of my IGN, which leads me to believe they are a regular on either HS or SW, which is the only place that a few of my IGNs would have appeared.

    I couldn't reset my password on the Nexon site until midnight PDT. I did so less than a minute after midnight, reset my passwords and PINs, and logged in to find about 10B of items gone and one of my characters "Aborts" deleted (LV98 CB that was the guild owner of "Recondite" in Scania). The hacker had also remade "Aborts" on another account, no doubt to use to sell my items later.

    I contacted Nexon about this immediately, giving them plenty of details to track the hacker (his IP, mine, details of the items, exact times and dates etc). I received a reply today with the classic "don't give out your account info" etc, to which I have replied in length. I am currently waiting for a second reply.

    Meanwhile, one of the two accounts that was hacked has been permanently banned for "illicit advertising and promotion", which is ridiculous since I do nothing of the sort. I still had about 200M of items on there from merchanting the last day or two, so those are now gone, along with a 128 DrK, 131 NL, and 144 Buc. The other account (with my 160 I/L and 91 Sader) is currently working fine, although it's not secure at all since if the hacker has my ID, birthday and e-mail (none of which can be changed), they can easily block me from logging in for a day again, and brute force their way into my account.

    I just e-mailed Nexon about that situation too, adding to what has already happened.

    I wanted to write this post to tell anyone that knows me about the situation, warn people not to buy from or trust the IGN "Aborts" now, since it's not me, and to let people know about possible Gmail and Nexon.net exploits, and to be careful.

    If anyone has any advice about how to best approach Nexon regarding this please let me know. Also does anyone know the likelihood of them changing my ID or e-mail? Do they ever do this or not?

    Hopefully I will get a decent reply from them, but I suspect this will not be the case.

  2. #2


    I think they can change emails, but they don't do it readily... I did hear of someone who got his changed a while ago, after his ISP deleted that email address, though it took him months to make Nexon listen. I'm pretty sure it's impossible to change your ID. Not sure about birthdays... Should be possible to change, but I've never heard of them doing it.

    My condolences... That's horrible. For the sake of everyone on MS, I hope this hacker gets caught, because if your account setup can be breached, I'm pretty sure almost everyone's can.

    Have you decided what you're going to do yet? Quit? Restart? If, by some chance, you decided to restart on Bera, I'd help you out, though I'm awfully poor by your standards.

    EDIT: I remembered. You're in Europe, right? So you can't just create new accounts?

  3. #3
    I like girls. Assault's Avatar
    Join Date
    May 2006
    Posts
    3,890


    Quote Originally Posted by Morgana View Post
    I think they can change emails, but they don't do it readily... I did hear of someone who got his changed a while ago, after his ISP deleted that email address, though it took him months to make Nexon listen. I'm pretty sure it's impossible to change your ID. Not sure about birthdays... Should be possible to change, but I've never heard of them doing it.
    Yeah, I know everything is POSSIBLE to change (not really hard to change values in a database, is it...), but I wondered whether or not they would do. If the hacker still has my birthday (from using a birthday cracker), ID, and e-mail address, they can easily brute force my password and PIN again, without needing access to my e-mails (which are 100% secure now that I moved them off of Gmail). I'm gonna keep on at them and see what they say though. I should hopefully be able to escalate the matter and get to talk to someone that can ACTUALLY do something.

    Quote Originally Posted by Morgana View Post
    My condolences... That's horrible. For the sake of everyone on MS, I hope this hacker gets caught, because if your account setup can be breached, I'm pretty sure almost everyone's can.
    The most annoying thing is that I didn't actually do anything (as far as I know), I didn't have a keylogger, no spyware, and it looks like the main culprit was an unsecure Gmail account, since that's how they seemed to do everything. If I was keylogged, they wouldn't need to break into my Gmail since they would have the user and pass, and could just use a pincracker.

    Quote Originally Posted by Morgana View Post
    Have you decided what you're going to do yet? Quit? Restart? If, by some chance, you decided to restart on Bera, I'd help you out, though I'm awfully poor by your standards.
    Aww thank you for the offer. I'm not sure what I'm going to do yet. I'd been merchanting for the last couple of days on my main account, until I'd heard back from Nexon. Managed to get up to about 150M ish from 100K, but then like I say, my main account was then randomly banned yesterday, and I'm still waiting to hear back from Nexon. That account had a 144 Buc, 131 NL, 128 DrK, and a 98 CB (which the hacker deleted). So on top of being stripped, I've just lost those (permanently, if Nexon don't help). A friend offered to give me a few billion to get me going again, and Jen (sacredyuja) offered to buy me some NX cards to gach with (awww <3), but I'm not taking them up on the offers of course. Very nice of them but I don't want to take things from people.

    Quote Originally Posted by Morgana View Post
    EDIT: I remembered. You're in Europe, right? So you can't just create new accounts?
    Yeah, I can't make new accounts. Luckily I have another 5 or 6 accounts though, and I've just stripped some characters to make a couple of them "clean" (ie empty lol), moved some held IGN's over, and made a selling mule. But like I said, I'm not sure what I want to do. I can make another character easy (my 160 I/L still works for now, and friends can help leech me), and I can make the mesos back without a huge amount of effort (would take me a few months of hardcore merchanting to make it all back), but it's more that I'm pissed off that this could happen, and pissed off that Nexon is refusing to help.

    I also just realised today that the hacker had managed to take my SW account too (must have asked for a password reminder) and post up a keylogger on the SW forum. I've managed to edit it out and PM mods about it, but I downloaded the keylogger they posted, and got their e-mail address out of it. I'm collecting info on them, have contacted Google, and contacted their ISP (who are now working with me to do something). I'm also handing the e-mail address to friends of mine to see what they can do with it (I'm pretty up on my technical stuff, but I'm no expert lol)... hopefully I can get some more info. The guy is in Norway, and I have "large" friends in Norway, so I may be able to arrange a home visit if I can get more information about his location.

    I'm gonna keep on at Nexon for now though, and see what they say. I expected a crappy reply at first, but hopefully if I keep on at them they will hand the issue to someone with a bit more "security clearance" as such, who can deal with everything, since it's 50% Google's fault and 50% Nexon's fault here, not mine.

  4. #4


    Quote Originally Posted by Assault View Post
    but I downloaded the keylogger they posted, and got their e-mail address out of it. I'm collecting info on them, have contacted Google, and contacted their ISP (who are now working with me to do something). I'm also handing the e-mail address to friends of mine to see what they can do with it (I'm pretty up on my technical stuff, but I'm no expert lol)... hopefully I can get some more info. The guy is in Norway, and I have "large" friends in Norway, so I may be able to arrange a home visit if I can get more information about his location.
    Wow, sounds like the hacker is going to be sorry he/she messed with you! Good luck, and I don't usually curse, but get that ******* good.

    On a somewhat depressing note, almost everyone I've heard of that actually got hacked and not just keylogged/tricked by a "friend", was hacked either through a Gmail account or by posting their IGN on their Facebook profile.

    Best of luck on dealing with Nexon, too. Assuming anyone actually reads your ticket, it should get escalated, but who knows if they'll do anything other than skim it, or if the customer service people will actually walk across the building to the database managers to get everything changed.

    About changing IDs. As far as I know, it's technically possible, but it would be an awful lot bigger pain than changing virtually anything else, considering it's linked to data not only in the login servers, but in-game as well, like your characters, storage, NX information, and tons more... My guess is, they'll tell you that they can't because of that. Also, if they did change it, and pulled a Nexon and forgot to change it in a few places, that could cause some serious errors.

  5. #5
    I like girls. Assault's Avatar
    Join Date
    May 2006
    Posts
    3,890


    I've never thought I'd get hacked, since I don't download dodgy programs, and never get spyware or keyloggers. I've never had ANYTHING of mine hacked into in my life, and I've been on the Internet since the early '90s. It sucks that security holes with Gmail and Nexon.net have caused me to lose what is basically (in terms of meso sacks in the CS) about $3500 worth of accounts, not including the time and effort taken to level them, and the NX spent on them. It's probably closer to at least $5000.

    They already closed my first ticket with the usual bull**** reply of telling me not to give out my account info etc. I wrote to them again explaining that I'm not a 14 year old kid with all their info posted up on a MySpace page, that I'm a very security conscious 30 something with an income and a brain, and that I want them to actually do something about it since I will not be fobbed off with replies implicating that security holes on THEIR website are somehow MY fault.

  6. #6


    Sorry to hear about this. I can't really say much because I've never been hacked to this degree, but I hope you work things out (and screw over that *****).

    bolt202/veil225/feint200

  7. #7
    Banned
    Join Date
    Sep 2009
    Posts
    659


    .......Wow.

  8. #8
    ᕕ(ᐛ)ᕗ不朽的神皇春卷 ClericLordLeo's Avatar
    Join Date
    Jul 2007
    Posts
    3,584


    Five thousand dollars could be worth the lawsuit.

  9. #9
    Banned
    Join Date
    Sep 2009
    Posts
    659


    Quote Originally Posted by ClericLordLeo View Post
    Five thousand dollars could be worth the lawsuit.
    Five thousand dollars could be worth the lawsuit? Would $15 be worth one?

  10. #10
    blah blah blah TheDon's Avatar
    Join Date
    Nov 2005
    Posts
    4,817


    Damn Tim, I'm sorry to hear that. That is awful. People can do some terrible things at times. There is nothing I can really offer to help, but I hope you are able to get everything back together and get this person caught.

    Now I'm going to go change all of my passwords and resecure all of my stuff.
